This post was last edited by hwbest on 2024-3-10 21:29
OP, I installed openwrt with vmware, then configured it following the thread below
https://www.right.com.cn/forum/thread-8284982-1-1.html
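I ran into a problem similar to yours. After setting the client's default gateway to the side router's IP, I found that
1) "Learning the foreigners' strengths in order to counter them" works normally
2) AdguardHome does not take effect
By temporarily stopping the firewall, I found that AdguardHome took effect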
/etc/init.d/firewall status
/etc/init.d/firewall stop
Running the command below on the side router shows that the firewall redirects everything coming in from outside to DNSMASQ
iptables -t nat -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT udp -- anywhere anywhere /* DNSMASQ */ udp dpt:domain redir ports 5337
REDIRECT tcp -- anywhere anywhere /* DNSMASQ */ tcp dpt:domain redir ports 5337
prerouting_rule all -- anywhere anywhere /* !fw3: Custom prerouting rule chain */
zone_lan_prerouting all -- anywhere anywhere /* !fw3 */
REDIRECT udp -- anywhere anywhere /* DNSMASQ */ udp dpt:domain redir ports 5337
REDIRECT tcp -- anywhere anywhere /* DNSMASQ */ tcp dpt:domain redir ports 5337
REDIRECT udp -- anywhere anywhere /* DNSMASQ */ udp dpt:domain redir ports 5337
REDIRECT tcp -- anywhere anywhere /* DNSMASQ */ tcp dpt:domain redir ports 5337
open克拉什 tcp -- anywhere anywhere
REDIRECT udp -- anywhere anywhere /* DNSMASQ */ udp dpt:domain redir ports 5337
REDIRECT tcp -- anywhere anywhere /* DNSMASQ */ tcp dpt:domain redir ports 5337
So the problem is that the DNSMASQ rules come earlier than the AdguardHome rules. The fix is as follows:
1) Edit the file: vi /etc/config/dhcp
2) Change option dns_redirect from '1' to '0'
option dns_redirect '0'
Then just reboot. After the reboot the firewall rules are very clean
iptables -t nat -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
prerouting_rule all -- anywhere anywhere /* !fw3: Custom prerouting rule chain */
zone_lan_prerouting all -- anywhere anywhere /* !fw3 */
open克拉什 tcp -- anywhere anywhere
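My luci interface doesn't seem to have a DNS redirect menu. If your system has one, you can also turn it off there:
Network - DHCP/DNS - Basic Settings - DNS Redirect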
https://www.right.com.cn/forum/thread-4056236-1-1.html
This approach is for your reference. I think you most likely have a problem similar to mine: the firewall has been redirected
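
An added example, not part of the original post: a script that reads an iptables -t nat -L PREROUTING listing like the ones above and reports the DNS REDIRECT rules sitting directly in PREROUTING, plus the port that wins for a given protocol. The function names are made up for this example, the sample listings are shortened copies of the output shown in the post, and rules inside jumped-to chains such as zone_lan_prerouting are not expanded.

```sh
#!/bin/sh
# Added example (not from the original post): list the DNS REDIRECT rules in a
# saved "iptables -t nat -L PREROUTING" listing and show which one wins.

# Print "position proto redirect-port comment" for each top-level DNS redirect.
dns_redirects() {
    awk '
        /^Chain / || /^target / || NF == 0 { next }   # skip headers, blank lines
        { pos++ }                                      # rule position in chain
        $1 == "REDIRECT" && /dpt:(domain|53)( |$)/ {
            port = "?"; label = "-"
            for (i = 1; i < NF; i++) if ($i == "ports") port = $(i + 1)
            s = index($0, "/* "); e = index($0, " */")
            if (s > 0 && e > s) label = substr($0, s + 3, e - s - 3)
            print pos, $2, port, label
        }'
}

# NAT rules are first-match: print the port that PROTO (udp or tcp) DNS traffic
# is sent to by PREROUTING itself, or "none" when it has no DNS redirect.
effective_dns_port() {
    dns_redirects | awk -v proto="$1" '
        $2 == proto && !found { print $3; found = 1 }
        END { if (!found) print "none" }'
}

# Sample listings in the shape shown in the post (shortened).
BEFORE='Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT udp -- anywhere anywhere /* DNSMASQ */ udp dpt:domain redir ports 5337
REDIRECT tcp -- anywhere anywhere /* DNSMASQ */ tcp dpt:domain redir ports 5337
prerouting_rule all -- anywhere anywhere /* !fw3: Custom prerouting rule chain */
zone_lan_prerouting all -- anywhere anywhere /* !fw3 */
REDIRECT udp -- anywhere anywhere /* DNSMASQ */ udp dpt:domain redir ports 5337'
AFTER='Chain PREROUTING (policy ACCEPT)
target prot opt source destination
prerouting_rule all -- anywhere anywhere /* !fw3: Custom prerouting rule chain */
zone_lan_prerouting all -- anywhere anywhere /* !fw3 */'

printf '%s\n' "$BEFORE" | dns_redirects
echo "before: udp DNS -> $(printf '%s\n' "$BEFORE" | effective_dns_port udp)"
echo "after:  udp DNS -> $(printf '%s\n' "$AFTER" | effective_dns_port udp)"
```

On a live router the listing can be piped in directly, for example iptables -t nat -L PREROUTING | dns_redirects.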